Remove unnecessary sleep when configuring unbound
Reconfigure VLANs after recreating LAGG interfaces. Fix #9453
get_sysctl(): check return status and log failures, add retries. #14648
Handle IPv6 GUA and ULA in get_interface_track6ip(). Fix #15057
Include IPv6 VIPs in system subnet aliases. Fix #15096
Handle backuppath entries with multiple paths. Fix #15076
Fix off-by-one error when checking for system uid/gid. Fix #15067
Check "all" when restarting unbound based on interface. Fix #15071
Consolidate shaper input validation
Remove the duplicate function and integrate it with the rest of thevalidate_input() methods.do_input_validation() in guiconfig.inc cannot be included in shaper.inc;this change avoids moving it somewhere that may not be ideal.
Don't refresh the cache when visiting the update page. Fix #15055
Show the target for auto outbound NAT rules. Fix #15025
Append a new line to NAT rule errors. Fix #15024
Update fontawesome references in form buttons
More fontawesomev6 updates
Merge pull request #4615 from blkeller/apu2-expanded-serial-fix
Fix IPsec log value handling. Fixes #14990
Refactor use of return_gateways_array() with get_gateways(). Fix #14893
Most calls to return_gateways_array() do not need the gateway list to berecreated. get_gateways() can filter the gateway list, and indexing ismoved from return_gateways_array() to get_gateways() to avoid using...
Don't split fontawesome icon names
This makes it easier to update fontawesome versions. While here, fix amissing closing quote, and use the correct fontawesome prefix.
Update fontawesome icon names to v6. Implement #13537
Revert "Update fontawesome icon names to v6. Implement #13537"
This reverts commit 32be4696a301144c650f4765b8a2b51e28d95a40.
Utilize new -C flag to pfSense-upgrade
pfSense-upgrade's -c flag is intended to check only for upgrades against thecurrently configured repository (better termed as updates). The new -C flagexpands the search for new versions of core packages into other non-devel repo...
Expand detection of PC Engines APU2 platform to include all variants
Fixes #13498 in Redmine.
Merge pull request #4634 from rlaager/fix-mss-clamping-for-v6-vpn
Merge pull request #4653 from PhilZ-cwm6/patch_ovpn_nbdd
Update fontawesome. Implement #13537
Update jQuery and jQuery-ui. Implement #13537
Update misleading function names. Fix #11566
Support URL IP aliases in alias_expand(). Fix #14947
OpenVPN: expose NBDD servers in GUI
In GUI for both server and client specific overrides, add option to push DHCP NBDD option to client
Merge pull request #4576 from PhilZ-cwm6/patch_vpn_netbios_deprecated_settings
Merge pull request #4603 from luckman212/scrubing-to-scrubbing
Use a function to get OpenVPN device names
Rector some direct config array accesses with pure scalar paths.
Specify specialnet flags when calling get_specialnet(). Fix #14935
Allow passing specialnet flags to pconfig_to_address() to correctlyhandle address/network config elements. Also correctly handle VIPselection in nat/binat rules.
kea: validate v4 client identifiers as being valid hex strings, otherwise wrap in single quotes
Don't use aliases in binat rules. Fix #14918While there, handle negated binat addresses.Also use the correct specialnet description.
Selectively kill DHCP server by family. Fixes #14897
Fix some syntax/logic errors in interface config.
MVC updates for SSH and gateways code.
Generate a system alias for PPPoE clients. Fix #14885
Remove outddated DHCPv6 test. Fixes #14884
Refresh OS CA list after updating trust store. Fixes #14876
Use the interface name for the reserved system alias suffix. Fix #14866
Specify specialnet flags for GUI fields. Fix #14845Store the flags in variables to allow easier future updates.
kea: enable RFC6842 compatibility mode
kea: fix netboot regression
kea: prevent configuring static reservations with both mac and cid matching
Force gateway alarm for dynamic WAN link down
Include hostname in DDNS notify. Implements #9504
Introduce Kea DHCP
Update DDNS split host+domain list. Fixes #14783
Fix str concat for one.com DDNS. Fixes #14649
Minor cleanup in shift_separators()
PHP memory limit calc correction. Fixes #13377
Do not limit the maximum to less than the default for the architecture.
Check disabled gw/ifs when validating gw addr fam. Fixes #8846
Add input validation for sock_queue_timeout. Fix #14731
Correct HTTPS cert list. Fixes #14672
Make sure to exclude weak CA chains from list of HTTPS certificates.
Check for routing protocol flags when removing the default route. Fix #14717
Skip empty separators. Fixes #14794
Other nearby similar loops already had this check, this was the only onemissing.
Prevent nginx from serving backup copies of files.
Files with .orig can be left in place from patching and .pkgsave filesare left in place if files are replaced with different copies from pkg.
Correct Gandi LiveDNS name. Fixes #14784
PHP memory limit; Accommodate systems with 1GiB or less of RAM. Feature #13377
Uncompress IPv6 before filtering interface addresses. Fix #14785
Fix format of OpenVPN cached interface. Fixes #14781
Remove the cached interface address when killing the dhcp client. Fix #14616
Align pfSense and OS locale names. Fixes #13776
Correct program reference in syslog config. Fix #14768
Rewrite update_repos(). Fixes #14609
Rewrite update_repos() to use process_open() style execution with a fullpkg-style environment. This allows it to fully respect the proxy settingsconfigured in the GUI.
Only log radvd level err and higher by default. Fix #12938Previous behavior can be restored under System > Advanced > Networking
Align indentation in syslogd conf file
Automatically configure the state hash tables size. Implement #14750
Add unbound option sock-queue-timeout to the GUI. Implement #14731
Intel Speed Shift support. Implements #14047
GUI controls only appear on hardware that supports Speed Shift.
Prioritize the first GUA when selecting the primary IPv6 address. Fix #14725
Validate mixed address family for outbound NAT rules. Fix #14719
services.inc: ensure dhcpd devfs is only ever mounted one time
Mobile IPsec settings PHP refactor corrections. Fixes #14713
Tweak formatting of SMTP notifications
Notification code updates
Return the first interface address instead of the last. Fix #14623
Refactor rule separators. Fix #14691
Correct IPv6 LL addr locate behavior. Fixes #14392
Comments said it should take the first but it was taking the last.
Make that behavior optional but default to taking the first as wasoriginally intended.
Simplify interface_find_child_cfgmtu(). Fixes #13218
Option to require if select before showing fw rules. Implements #13124
Originally submitted in PR 4582 by Chrisc-c-c at GitHub
Add a setting for PHP memory limit in System -> Advanced. Feature #13377
Prevent running upgrade code on first boot. Fixes #14698
Cast to string before ctype_digit() testing. Fixes #14702
pkg-utils.inc: just consider the first line of output from rquery when determining remote version.
Fix var name in ipsec_ikeid_next(). Fixes #14690
Extend support for SCTP in firewall and NAT rules. Implement #14640
Support specialnets in outbound NAT source/destination. Implement #3288Also, show an asterisk in place of 'Any' for the source,and avoid generating oNAT rules with invalid aliases.
Extend alias and VIP checks to outbound NAT
Work around weak certificates for nginx. Implements #14672
Check OpenVPN instances for deprecated items
Certificate digest strength changes
Part of ongoing changes for OpenSSL 3.x
Refactor outbound NAT target config fieldDon't keep a separate target field, and handlesome older configs on upgrade.
Revert "Refactor outbound NAT target config field"
This reverts commit 5557bc594916a5a6ff51ac8ed319a6ad436d3475.
Refactor outbound NAT target config fieldThere's no need to keep a separate target field,and now it's easier to implement #3288.